Hi,
Regarding CVE-2006-0669 and SecurityTracker 1015600, the vendor disputes
the SQL injection claim and indicates that GA Forum Light does not use
an SQL database (it uses flat files). I looked through the code and the
behavior that was originally reported by Dj_Eyes From Crouz Security
Team appears to be a vbscript parsing error instead of an SQL injection
problem.
We've just written to Dj_Eyes for additional information, but I'm pretty
sure we'll be able to close this out as an incorrect report.
Stuart
--
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax